Does Your Organization Need Cyberinsurance?

March 1, 2023

In the past decade, alongside the increased importance of digital tools for business, a new category of insurance has sprung up to cover digital data breaches and liability. With the average total cost of data breaches reaching $4 million and the average cost of each lost or stolen digital record increasing to $158, it is clear that experiencing a data breach is an expensive affair.

While dedicated security response teams and encryption do decrease these costs, and IPS/IDS systems and other security measures can help reduce the risk, many organizations will still experience a data breach at some point.

Cyberinsurance can help mitigate the cost of a data breach by reimbursing your company for legal fees, helping with the cost of crisis management and investigation, notification costs, extortion liability fees, and third-party damages relating to network or system outages. But does every organization need cyberinsurance?

 

Cyberinsurance Basics: Going Beyond General Liability

Your business likely already has general liability insurance to cover injury, property damage, and some other risks from your everyday services, operations, and products. However, it often specifically excludes damages from cybersecurity-related causes. Cyberinsurance comes in a number of flavors and has a premium cost between $1,000 and $50,000 depending on your coverage and risk level, much of which is tied to the size of your company and the nature of your business.

Cyberinsurance is an evolved form of Errors and Omissions (E&O), a form of insurance that you may already have. Dating back decades, E&O covers any claims generated from service errors, like the disruption of your digital services. This also covers service problems from more office-oriented industries like legal, medical, or engineering. Eventually, some E&O policies included coverage for network outages, unauthorized system access, or viruses.

Depending on the type of cyberinsurance you choose, it will cover:

  • investigation of the data breach, including hiring of a third-party digital forensics firm, repairing and supplementing the data breach attack vector, and coordination with law enforcement agencies as required
  • monetary losses related to the business, such as any loss of revenue from your service being inaccessible by customers, loss of customer revenue, network downtime, the recovery of any lost data, and the restoration of functional hardware and software systems
  • coverage for third-party claims, like damages from a business that uses your services and was affected by the breach as well as any regulatory penalties
  • notification and public relations costs, including hiring of professionals to try to avoid damage to your organization’s reputation and communicating to affected customers and the public the extent of the breach
  • extortion-related costs, as in the case of ransomware